virus-Behavior:Win32/Hive.ZY

pasik68
Visitor
Posts: 68
Registered: 27 Jun 2013 15:21

#1 Post by pasik68 »

Hi,
Microsoft Defender keeps finding a threat:
[Attachment: vir.JPG (34.81 KiB)]
Thanks for your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022
Ran by RSlos (administrator) on RADOVAN (Gigabyte Technology Co., Ltd. P55-US3L) (04-09-2022 17:21:55)
Running from C:\Users\RSlos\Desktop
Loaded Profiles: RSlos
Platform: Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Miroslav Topolar -> Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <9>
(Piriform Software Ltd -> Piriform Software Ltd) D:\Programs\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Miroslav Topolar -> Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) D:\Programs\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) D:\Programs\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22062.543.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [PDFPrint] => D:\Programs\PDF24\pdf24.exe [220704 2015-09-14] (Geek Software GmbH -> Geek Software GmbH)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY (No File)
HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\Run: [CCleaner Smart Cleaning] => D:\Programs\CCleaner\CCleaner64.exe [37054552 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\Run: [SmartSwitchPDLR.exe] => D:\Programs\Samsung\SmartSwitchPC\SmartSwitchPDLR.exe [1117200 2022-06-14] (Samsung Electronics CO., LTD. -> Samsung)
HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\Run: [Zoner Photo Studio Autoupdate] => D:\PROGRAMS\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software, a.s. -> ZONER software)
HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\Run: [MicrosoftEdgeAutoLaunch_C543EDFAD1B810FB9BE29157554F9BEC] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3827104 2022-08-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpress] => "C:\Program Files (x86)\Garmin\Express\express.exe" /minimized (No File)
HKLM\...\Windows x64\Print Processors\Canon MG3200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDB8.DLL [30208 2012-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3200 series: C:\WINDOWS\system32\CNMLMB8.DLL [389120 2012-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3200 series XPS: C:\WINDOWS\system32\CNMXLMB8.DLL [392192 2012-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [359936 2012-03-28] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\PDF-XChange Lite Port Monitor: C:\WINDOWS\system32\pxcpmL.dll [2376960 2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\105.0.5195.102\Installer\chrmstp.exe [2022-09-03] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02C77AE0-DA0C-4189-96A0-D76E4AAEBC1C} - System32\Tasks\CCleaner Update => D:\Programs\CCleaner\CCUpdate.exe [684976 2022-07-18] (Piriform Software Ltd -> Piriform)
Task: {0A65FB89-DBEB-4DA4-B2D3-9A256313DB68} - System32\Tasks\EOSv3 Scheduler onLogOn => D:\Programs\esetonlinescanner_csy.exe LOGON (No File)
Task: {120DEFE2-6AAA-42D1-998D-D5C6DAA5B1A7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {15645B1A-1830-410D-915A-C8A70F083D44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-26] (Google LLC -> Google LLC)
Task: {4DF05A27-CB34-40CA-8109-B2CC59D55B0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-26] (Google LLC -> Google LLC)
Task: {6090F69C-88BC-415D-8E64-D4C6B2E76171} - System32\Tasks\CCleanerSkipUAC - RSlos => D:\Programs\CCleaner\CCleaner.exe [31101528 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {711DE3C2-3819-44E9-89F1-FF9E4E1C3E97} - System32\Tasks\EOSv3 Scheduler onTime => D:\Programs\esetonlinescanner_csy.exe SCHED (No File)
Task: {BB0D6788-7F93-4654-BCEF-3BB536A13418} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {FECC0CBC-77F0-4008-AAA6-AA77A894BBAC} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f96d08c0-b74a-453f-ba6a-8c92c61a13bc}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\RSlos\AppData\Local\Microsoft\Edge\User Data\Default [2022-09-04]
Edge DownloadDir: Default -> D:\Downloads

FireFox:
========
FF DefaultProfile: 6ilvrogm.default
FF ProfilePath: C:\Users\RSlos\AppData\Roaming\Mozilla\Firefox\Profiles\6ilvrogm.default [2022-09-04]
FF DownloadDir: D:\Downloads
FF Homepage: Mozilla\Firefox\Profiles\6ilvrogm.default -> hxxps://www.seznam.cz/
FF Extension: (Google Translator for Firefox) - C:\Users\RSlos\AppData\Roaming\Mozilla\Firefox\Profiles\6ilvrogm.default\Extensions\translator@zoli.bod.xpi [2019-05-21]
FF Extension: (FormApps Extension) - C:\Users\RSlos\AppData\Roaming\Mozilla\Firefox\Profiles\6ilvrogm.default\Extensions\{69F080C9-A1D8-42F8-BD83-3D54D4BC81B3}.xpi [2021-03-01]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-08-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1484243458-1922150109-371872183-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1484243458-1922150109-371872183-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1484243458-1922150109-371872183-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1484243458-1922150109-371872183-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-11-19] (Ubisoft Massive -> Ubisoft)

Chrome:
=======
CHR Profile: C:\Users\RSlos\AppData\Local\Google\Chrome\User Data\Default [2022-09-03]
CHR DownloadDir: D:\Downloads
CHR Notifications: Default -> hxxps://www.facebook.com
CHR Extension: (Dokumenty Google offline) - C:\Users\RSlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\RSlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8765464 2022-08-26] (Malwarebytes Inc. -> Malwarebytes)
S3 Origin Client Service; D:\Hry\Origin\OriginClientService.exe [2575624 2022-06-30] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; D:\Hry\Origin\OriginWebHelperService.exe [3494672 2022-06-30] (Electronic Arts, Inc. -> Electronic Arts)
S2 PDF24; D:\Programs\PDF24\pdf24.exe [220704 2015-09-14] (Geek Software GmbH -> Geek Software GmbH)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2019-02-01] (Even Balance, Inc. -> )
R2 ss_conn_service; D:\Programs\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2021-09-24] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; D:\Programs\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2021-09-24] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Miroslav Topolar -> Mister Group)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 EverestDriver; D:\Programs\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [26752 2010-03-31] (LAVALYS -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-05-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
U5 UnlockerDriver5; D:\Programs\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-09-04 17:21 - 2022-09-04 17:22 - 000018860 _____ C:\Users\RSlos\Desktop\FRST.txt
2022-09-04 17:21 - 2022-09-04 17:22 - 000000000 ____D C:\FRST
2022-09-04 17:21 - 2022-09-04 16:22 - 002371072 _____ (Farbar) C:\Users\RSlos\Desktop\FRST64.exe
2022-09-04 17:14 - 2022-09-04 17:14 - 000000000 ____D C:\WINDOWS\system32\gf2engine
2022-09-04 16:45 - 2022-09-04 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2022-09-04 16:45 - 2022-09-04 16:45 - 000000000 ____D C:\Program Files\7-Zip
2022-09-04 16:23 - 2022-09-04 17:15 - 000000000 ____D C:\Users\RSlos\AppData\Local\Avast Software
2022-09-04 16:20 - 2022-09-04 17:15 - 000000000 ____D C:\ProgramData\Avast Software
2022-09-04 13:44 - 2022-09-04 13:44 - 000000000 ____D C:\AdwCleaner
2022-08-30 16:11 - 2022-09-04 17:15 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-08-21 08:29 - 2022-08-21 08:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2022-08-10 08:23 - 2022-08-10 08:23 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-08-10 08:23 - 2022-08-10 08:23 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-08-10 08:23 - 2022-08-10 08:23 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-08-10 08:23 - 2022-08-10 08:23 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-08-10 08:23 - 2022-08-10 08:23 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-08-10 08:23 - 2022-08-10 08:23 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-08-10 08:23 - 2022-08-10 08:23 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-08-10 08:23 - 2022-08-10 08:23 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-08-10 08:15 - 2022-08-10 08:15 - 000000000 ___HD C:\$WinREAgent
2022-08-07 09:14 - 2020-12-02 05:23 - 001027992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-08-07 09:14 - 2020-12-02 05:23 - 000674712 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-08-07 09:14 - 2020-12-02 05:23 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-08-07 09:14 - 2020-12-02 05:22 - 002096880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-08-07 09:14 - 2020-12-02 05:22 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-08-07 09:14 - 2020-12-02 05:22 - 001507224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-08-07 09:14 - 2020-12-02 05:22 - 001159920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-08-07 09:14 - 2020-12-02 05:22 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2022-08-07 09:14 - 2020-12-02 05:22 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-08-07 09:14 - 2020-12-02 05:22 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2022-08-07 09:14 - 2020-12-02 05:22 - 000656112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-08-07 09:14 - 2020-12-02 05:22 - 000590576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-08-07 09:14 - 2020-12-02 05:22 - 000556440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2022-08-07 09:14 - 2020-12-02 05:21 - 007706352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-08-07 09:14 - 2020-12-02 05:21 - 006860184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-08-07 09:14 - 2020-12-02 05:21 - 004175256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-08-07 09:14 - 2020-12-02 05:21 - 002508528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-08-07 09:14 - 2020-12-02 05:21 - 000849648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-08-07 09:14 - 2020-12-02 05:21 - 000445848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-08-07 09:14 - 2020-12-02 05:20 - 005978008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-08-07 09:14 - 2020-12-02 04:52 - 000080930 _____ C:\WINDOWS\system32\nvinfo.pb
2022-08-07 08:07 - 2022-08-07 08:07 - 000002878 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - RSlos
2022-08-07 08:07 - 2022-08-07 08:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2022-08-06 11:13 - 2022-08-06 11:13 - 000000000 ____D C:\WINDOWS\system32\lxss
2022-08-06 11:12 - 2022-06-03 06:15 - 001905936 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-08-06 11:12 - 2022-06-03 06:15 - 001905936 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-08-06 11:12 - 2022-06-03 06:15 - 001478416 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-08-06 11:12 - 2022-06-03 06:15 - 001478416 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-08-06 11:12 - 2022-06-03 06:15 - 001467840 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-08-06 11:12 - 2022-06-03 06:15 - 001432320 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-08-06 11:12 - 2022-06-03 06:15 - 001432320 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-08-06 11:12 - 2022-06-03 06:15 - 001209408 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-08-06 11:12 - 2022-06-03 06:15 - 001145616 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-08-06 11:12 - 2022-06-03 06:15 - 001145616 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-08-06 11:12 - 2022-06-03 06:12 - 000057440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2022-08-06 11:12 - 2022-06-03 06:10 - 005729744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-09-04 17:20 - 2021-09-17 21:02 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-09-04 17:20 - 2019-12-07 16:41 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2022-09-04 17:20 - 2019-12-07 16:41 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2022-09-04 17:20 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2022-09-04 17:18 - 2018-09-28 18:05 - 000000000 ____D C:\Program Files (x86)\Google
2022-09-04 17:17 - 2019-05-21 11:50 - 000000000 ____D C:\Users\RSlos\AppData\LocalLow\Mozilla
2022-09-04 17:16 - 2021-11-15 18:26 - 000000000 ____D C:\Users\Public\Documents\NativeFus_Log
2022-09-04 17:16 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-09-04 17:15 - 2021-09-17 21:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-09-04 17:15 - 2020-07-20 19:56 - 000008192 ___SH C:\DumpStack.log.tmp
2022-09-04 17:15 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-09-04 17:15 - 2019-05-21 11:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-09-04 17:15 - 2018-09-28 07:13 - 000000000 ____D C:\ProgramData\NVIDIA
2022-09-04 17:13 - 2021-09-17 20:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-09-04 16:22 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-09-04 13:53 - 2020-11-07 00:44 - 000001384 _____ C:\Users\RSlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-09-03 12:52 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-09-03 12:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-09-03 08:48 - 2021-12-26 12:11 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-09-02 17:34 - 2019-12-07 16:42 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2022-08-31 18:43 - 2021-12-26 12:10 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-08-31 18:43 - 2021-12-26 12:10 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-08-31 16:23 - 2018-09-28 20:55 - 000000000 ____D C:\Users\RSlos\AppData\Roaming\Mp3tag
2022-08-31 12:51 - 2021-10-09 11:55 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-08-31 12:51 - 2019-05-21 11:50 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-08-29 08:05 - 2018-09-28 22:47 - 000000000 ____D C:\Users\RSlos\AppData\Local\D3DSCache
2022-08-28 08:18 - 2020-05-24 07:47 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-08-26 15:40 - 2022-04-15 11:09 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-08-26 15:39 - 2019-07-20 09:10 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-08-23 17:57 - 2021-09-17 21:03 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-08-23 17:57 - 2021-09-17 21:03 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-08-21 09:40 - 2020-11-06 20:23 - 000000000 ____D C:\Users\RSlos\AppData\Roaming\MyPhoneExplorer
2022-08-21 08:29 - 2021-11-15 18:26 - 000000958 _____ C:\Users\Public\Desktop\Smart Switch.lnk
2022-08-12 11:38 - 2021-09-17 21:03 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-08-12 11:37 - 2021-12-18 20:03 - 000002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-08-11 15:41 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-08-10 17:12 - 2021-09-17 20:54 - 000378800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-08-10 17:11 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-08-10 08:23 - 2021-09-17 20:55 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-08-10 08:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-08-10 08:14 - 2018-09-28 07:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-08-10 08:11 - 2018-09-28 07:37 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-08-07 11:57 - 2018-09-28 07:13 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-08-07 09:24 - 2018-09-28 07:13 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-08-07 09:15 - 2018-09-28 10:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2022-08-07 08:39 - 2021-10-10 18:12 - 000000000 ____D C:\Users\RSlos\AppData\Roaming\Kodi
2022-08-07 08:07 - 2021-09-17 21:03 - 000003926 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-08-06 11:13 - 2021-01-06 19:53 - 000000000 ____D C:\Users\RSlos\AppData\Local\NVIDIA
2022-08-06 11:13 - 2018-09-28 09:32 - 000000000 ____D C:\ProgramData\Packages
2022-08-06 11:13 - 2018-09-28 07:08 - 000000000 ____D C:\Users\RSlos\AppData\Local\Packages

==================== Files in the root of some directories ========

2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\092f18fa66a34290833ca0571d38d84c
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\092f18fa66a34290833ca0571d38d84cthumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\12457690df4946ef9d1ea393f4650692
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\12457690df4946ef9d1ea393f4650692thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\4aba0037ddf84da299c558c0448d9025
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\4aba0037ddf84da299c558c0448d9025thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\4ca244a8f7024139961b569a1db65d76
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\4ca244a8f7024139961b569a1db65d76thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\4f9aa4c78f5b41738e96d3d73c295f57
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\4f9aa4c78f5b41738e96d3d73c295f57thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\5a5bbd54f96e47509a5705e57fee2bef
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\5a5bbd54f96e47509a5705e57fee2befthumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\5a6ea6b025d34db981719e1d6a0d9d98
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\5a6ea6b025d34db981719e1d6a0d9d98thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\7636dfbdaa174a7dbd3d5a899fb8c4d7
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\7636dfbdaa174a7dbd3d5a899fb8c4d7thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\8dccf285f9244e2e9ef348c87c2bbbbf
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\8dccf285f9244e2e9ef348c87c2bbbbfthumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\9853072704654e9ab465a72d369525b4
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\9853072704654e9ab465a72d369525b4thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\9b8b96470bce43b0a067093729dfb51f
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\9b8b96470bce43b0a067093729dfb51fthumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\a6ba50dba2654a9dadd3e72bfedfc776
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\a6ba50dba2654a9dadd3e72bfedfc776thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\b4d2d7289e5c4c93a509c012e6f12531
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\b4d2d7289e5c4c93a509c012e6f12531thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\bdc578a1ed804f30b87363fdf82f35be
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\bdc578a1ed804f30b87363fdf82f35bethumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\bffdbc5f5bf342e1969c8174897ec69a
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\bffdbc5f5bf342e1969c8174897ec69athumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\c245e8da83814c75a344bc793c256247
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\c245e8da83814c75a344bc793c256247thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\cca8ef1cf5e94abd86248f38f29ac825
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\cca8ef1cf5e94abd86248f38f29ac825thumb
2019-08-21 16:51 - 2019-08-21 16:51 - 000095085 _____ () C:\Users\RSlos\AppData\Roaming\DefaultAlbumArt.png
2019-08-21 16:51 - 2019-08-21 16:51 - 000165847 _____ () C:\Users\RSlos\AppData\Roaming\DefaultArtistArt.png
2019-08-21 16:51 - 2019-08-21 16:51 - 000164313 _____ () C:\Users\RSlos\AppData\Roaming\DefaultPlaylistArt.png
2019-08-21 16:51 - 2019-08-21 16:51 - 000095085 _____ () C:\Users\RSlos\AppData\Roaming\DefaultTrackArt.png
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\e95f31fbf2dc4b06884486634a6421c9
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\e95f31fbf2dc4b06884486634a6421c9thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\e9b56c0c6a3845f48498e6e624fc8857
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\e9b56c0c6a3845f48498e6e624fc8857thumb
2020-03-29 11:20 - 2021-02-13 12:55 - 000001829 _____ () C:\Users\RSlos\AppData\Roaming\RADOVAN.MTBF.txt
2020-03-29 11:20 - 2022-06-29 16:27 - 000005120 _____ () C:\Users\RSlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-12-22 14:26 - 2018-12-22 14:26 - 000000001 _____ () C:\Users\RSlos\AppData\Local\llftool.4.40.agreement
2018-09-28 11:04 - 2018-09-28 11:04 - 000000017 _____ () C:\Users\RSlos\AppData\Local\resmon.resmoncfg

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by RSlos (04-09-2022 17:23:27)
Running from C:\Users\RSlos\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) (2021-09-18 06:18:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1484243458-1922150109-371872183-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1484243458-1922150109-371872183-503 - Limited - Disabled)
Guest (S-1-5-21-1484243458-1922150109-371872183-501 - Limited - Disabled)
RSlos (S-1-5-21-1484243458-1922150109-371872183-1001 - Administrator - Enabled) => C:\Users\RSlos
WDAGUtilityAccount (S-1-5-21-1484243458-1922150109-371872183-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
7-Zip 22.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2201-000001000000}) (Version: 22.01.00.0 - Igor Pavlov)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 22.002.20191 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_STANDARD_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_STANDARD_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_STANDARD_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
ANT Drivers Installer x64 (HKLM\...\{15DDA7AF-3E5C-49CC-B57C-8926F09405A6}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.00 - Ubisoft)
Assassin's Creed III (HKLM-x32\...\Assassin's Creed III_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Assassin's Creed III 1.01 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.01 - Ubisoft)
Assassins Creed Syndicate (HKLM-x32\...\Assassins Creed Syndicate_is1) (Version: - )
Audacity 2.2.1 (HKLM-x32\...\Audacity_is1) (Version: 2.2.1 - Audacity Team)
Balíček ovladače systému Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Balíček ovladače systému Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
calibre (HKLM-x32\...\{CF5F9723-E951-4080-BF78-7263A1C9C396}) (Version: 3.32.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Car Mechanic Simulator 2014.v 1.0.6.0 (HKLM-x32\...\Car Mechanic Simulator 2014.v 1.0.6.0_is1) (Version: Car Mechanic Simulator 2014.v 1.0.6.0 - Repack by Fenixx (07.02.2014))
CCleaner (HKLM\...\CCleaner) (Version: 6.02 - Piriform)
Creative Pack Volume 1 (HKLM\...\{997BE27F-A97F-4EF4-B841-D20ABF1CD6DC}) (Version: 4.0.0 - Corel Corporation)
Dazzle Video Capture DVC100 X64 Driver 1.08 (HKLM-x32\...\{FB4B9EB9-68B2-4C42-8C38-B65F8FE5A5CA}) (Version: 1.08.0000 - Pinnacle)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
FastShare.cz verze 2.4.0 (HKLM-x32\...\FastShare.cz_is1) (Version: 2.4.0 - )
FormApps Signing Extension (HKLM-x32\...\{2ADAFEB7-56C5-497F-8960-67DA46A81838}) (Version: 2.27.0.46 - Software602 a.s.)
FormatFactory 4.3.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.3.0.0 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 105.0.5195.102 - Google LLC)
Hollywood FX Volumes 1-3 (HKLM\...\{48C2040D-B49F-4B4D-AE4A-0DCED3305692}) (Version: 3.0 - Corel Corporation)
iZotope Music & Speech Cleaner (HKLM-x32\...\iZotope Music & Speech Cleaner_is1) (Version: 1.00 - iZotope, Inc.)
Kodi (HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\Kodi) (Version: - XBMC-Foundation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{E496AFB7-CB04-46CF-8FBB-5D665BC8811B}) (Version: 3.3.2110.22002 - Microsoft Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes version 4.5.14.210 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.14.210 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 104.0.1293.70 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 105.0.1343.25 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_STANDARD_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_STANDARD_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0405-0000-0000000FF1CE}_STANDARD_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_STANDARD_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0405-1000-0000000FF1CE}_STANDARD_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0405-0000-0000000FF1CE}_STANDARD_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (Czech) 2007 (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Czech) 2007 (HKLM-x32\...\{90120000-001A-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Czech) 2007 (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Czech) 2007 (HKLM-x32\...\{90120000-001F-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovak) 2007 (HKLM-x32\...\{90120000-001F-041B-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2007 (HKLM-x32\...\{90120000-002C-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0405-0000-0000000FF1CE}_STANDARD_{0B7A4B67-2A38-42B1-9857-662FAB361E08}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-041B-0000-0000000FF1CE}_STANDARD_{FDF9A959-241A-4662-A8DE-7DED9C22D160}) (Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (Czech) 2007 (HKLM\...\{90120000-002A-0405-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2007 (HKLM-x32\...\{90120000-006E-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word MUI (Czech) 2007 (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Teams (HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\Teams) (Version: 1.4.00.11161 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.23.27820 (HKLM\...\{9CA7111B-263D-45DE-B898-61FAD30B3237}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.23.27820 (HKLM\...\{A94EC1B2-932B-49D7-8AF2-4FBD29FF314B}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Mozaik 3D Viewer S (HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\Mozaik 3D Viewer S) (Version: 2.0.255 - MOZAIK Education Ltd.)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 104.0.1 (x64 cs)) (Version: 104.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.5 - Mozilla)
Mp3tag v2.73 (HKLM-x32\...\Mp3tag) (Version: v2.73 - Florian Heidenreich)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
MyHarmony (HKLM-x32\...\{2AD8F8A1-ECE5-4890-BCC2-B4396370A0D4}) (Version: 1.0.308 - Logitech)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.15 - F.J. Wechselberger)
NewBlue Effects (HKLM\...\{C68BAB1A-C7DF-4D81-83FC-981B31921924}) (Version: 2.1.0 - Corel Corporation)
NVIDIA Ovladače grafiky 512.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.15 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.113.50894 - Electronic Arts, Inc.)
PDF24 Creator 7.3.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-XChange Editor (HKLM\...\{D0B4B563-918D-42CE-8ADF-1E1549A7DCF9}) (Version: 7.0.324.3 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (HKLM-x32\...\{e63a1903-34cf-4f96-90f3-fb0c70694630}) (Version: 7.0.324.3 - Tracker Software Products (Canada) Ltd.)
Pinnacle MyDVD (HKLM-x32\...\{9E90B657-D5B4-40C0-AE05-B29DED063494}) (Version: 1.0.112 - Název společnosti:) Hidden
Pinnacle MyDVD (HKLM-x32\...\{E6D07A42-38B7-4AAF-A857-2DF7177244D7}) (Version: 1.0 - Pinnacle)
Pinnacle Studio 19 - Standard Content Pack (HKLM\...\{91D1B712-604F-49C8-943F-FD257D647161}) (Version: 19.1 - Corel Corporation)
Pinnacle Studio 19 (HKLM\...\{CF91A83C-B84F-43CE-BCCE-7247E6137173}) (Version: 19.1.2.299 - Corel Corporation)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Registrace uživatele zařízení Canon MG3200 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG3200 series) (Version: - Canon Inc.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.48.0 - Samsung Electronics Co., Ltd.)
ScoreFitter Volumes 1-2 (HKLM\...\{5CA29919-6361-4A17-91C5-6819E43794B1}) (Version: 3.0 - Corel Corporation)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.22063.6 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.22063.6 - Samsung Electronics Co., Ltd.)
System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.89.214.1030 - Electronic Arts Inc.)
Title Extreme (HKLM\...\{3B519225-B4B2-40B7-A431-3C6AAE2831B4}) (Version: 3.0 - Corel Corporation)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_CZ_is1) (Version: - ZONER software)

Packages:
=========
CUE Splitter -> C:\Program Files\WindowsApps\38812MedievalSoftware.CUESplitter_2.0.8.0_x64__qfb5004rcjhse [2022-08-12] (Medieval Software)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.14.67.0_x64__rz1tebttyb220 [2022-07-09] (Dolby Laboratories)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-06] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-09-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-09-17] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-08-06] (NVIDIA Corp.)
Photo Editor | Polarr -> C:\Program Files\WindowsApps\613EBCEA.PolarrPhotoEditorAcademicEdition_5.10.220.0_x64__jb41c8remg0x2 [2021-09-04] (Polarr)
Rozšíření pro video HEVC -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.0.51122.0_x64__8wekyb3d8bbwe [2022-05-27] (Microsoft Corporation)
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-05-04] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0 [2022-08-25] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1484243458-1922150109-371872183-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\RSlos\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21063.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => D:\Programs\Mp3tag\Mp3tagShell64.dll [2015-12-19] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => D:\Programs\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programs\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => D:\Programs\Mp3tag\Mp3tagShell64.dll [2015-12-19] (Florian Heidenreich) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-22] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => D:\Programs\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => D:\Programs\Mp3tag\Mp3tagShell64.dll [2015-12-19] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programs\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\nvshext.dll [2020-12-02] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-22] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => D:\Programs\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programs\WinRAR\rarext64.dll [2005-06-07] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => pvmjpgx40.dll
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\SysWOW64\prodad-codec.dll [506312 2014-01-08] (proDAD GmbH -> proDAD GmbH)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-11-06 22:45 - 2005-06-07 13:26 - 000043008 _____ () [File not signed] D:\Programs\WinRAR\rarext64.dll
2018-09-28 21:11 - 2012-03-28 19:01 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2022-07-15 19:00 - 2022-07-15 19:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1484243458-1922150109-371872183-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 23:03 - 2019-05-20 20:10 - 000000841 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1484243458-1922150109-371872183-1001\Control Panel\Desktop\\Wallpaper -> D:\Obrázky\Auta\Škoda Popular Monte Carlo.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "$McRebootA5E6DEAA56$.lnk"
HKLM\...\StartupApproved\StartupFolder: => "APC UPS Status.lnk"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "Display"
HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"
HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\StartupApproved\Run: => "Zoner Photo Studio Service 16"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{0F493B56-619C-4876-89FC-20C9F623A49F}D:\hry\assassin's creed iii\ac3sp.exe] => (Allow) D:\hry\assassin's creed iii\ac3sp.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [TCP Query User{E6F85EE6-8A3B-4786-97ED-92CBA0A8E9A5}D:\hry\assassin's creed iii\ac3sp.exe] => (Allow) D:\hry\assassin's creed iii\ac3sp.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [UDP Query User{7C271C67-A94D-4851-833A-9EA8360FF0A1}D:\hry\assassins creed brotherhood\acbsp.exe] => (Allow) D:\hry\assassins creed brotherhood\acbsp.exe (UBISOFT ENTERTAINMENT INC. -> ) [File not signed]
FirewallRules: [TCP Query User{CD6A4571-C125-4732-86D7-D03434652D74}D:\hry\assassins creed brotherhood\acbsp.exe] => (Allow) D:\hry\assassins creed brotherhood\acbsp.exe (UBISOFT ENTERTAINMENT INC. -> ) [File not signed]
FirewallRules: [UDP Query User{BC061566-0D83-41A8-8954-A444D691DE42}D:\programs\myphoneexplorer\myphoneexplorer.exe] => (Allow) D:\programs\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{3ACF5F02-35A4-452C-834D-8E7D16E8F565}D:\programs\myphoneexplorer\myphoneexplorer.exe] => (Allow) D:\programs\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{E67134F9-60D3-4323-9269-21CFF519394D}] => (Allow) D:\Programs\Pinnacle\Studio 19\programs\UMI.exe (Corel Corporation -> Pinnacle)
FirewallRules: [{62DC0103-B4E9-48CD-8661-2DE3905BE8D0}] => (Allow) D:\Programs\Pinnacle\Studio 19\programs\UMI.exe (Corel Corporation -> Pinnacle)
FirewallRules: [{009E0728-C4F9-4A06-BCEA-200AB5A2438D}] => (Allow) D:\Programs\Pinnacle\Studio 19\programs\NGStudio.exe (Corel Corporation -> Pinnacle)
FirewallRules: [{3AD4DA43-D518-429E-B0BB-A7E56E1BBFA3}] => (Allow) D:\Programs\Pinnacle\Studio 19\programs\NGStudio.exe (Corel Corporation -> Pinnacle)
FirewallRules: [{67D48E2F-13D1-421A-A11B-462BD342276C}] => (Allow) D:\Programs\Pinnacle\Studio 19\programs\RM.exe (Corel Corporation -> Pinnacle)
FirewallRules: [{0353E250-92F9-44A3-B5D0-A461DDE8D380}] => (Allow) D:\Programs\Pinnacle\Studio 19\programs\RM.exe (Corel Corporation -> Pinnacle)
FirewallRules: [UDP Query User{709B04A9-29CE-407A-A138-7BD07E737E0E}C:\users\rslos\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\rslos\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{E0156561-1258-4530-80D2-0EC4036596A2}C:\users\rslos\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\rslos\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{B9132572-843E-4F17-A43B-36B22A63BDF3}C:\users\rslos\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\rslos\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{61894A6E-BF95-4D0A-A016-544B4210C61E}C:\users\rslos\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\rslos\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9B591E49-8163-4AFE-8800-724BE13ADA69}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Launcher.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{DA2F72E5-C68E-4203-B587-62C7FF602549}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Launcher.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{357AC1F2-29C6-403A-B442-BF12BE80BC9C}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx10.exe (Ubisoft) [File not signed]
FirewallRules: [{80FB702C-75F9-4D72-844A-D6495AFDF0B2}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx10.exe (Ubisoft) [File not signed]
FirewallRules: [{6C1211E1-A0E2-4C0B-A4A4-659F009C69F6}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx9.exe (Ubisoft) [File not signed]
FirewallRules: [{85AA27E1-C9FF-4694-AFC4-5136419B1176}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx9.exe (Ubisoft) [File not signed]
FirewallRules: [{E6E2FF15-919D-4A34-8847-4B21FAEB8ECE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8BE97D4D-E454-4A02-83BD-DF2FCA88B6D8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E9AF68CD-B28C-4EBD-B851-BA085DD8AA3D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{E4A32F8A-BA32-49F5-BF6C-3F80723BF014}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{8217AB0E-1C5B-40E0-BB0C-8D575549B745}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{C8B4063E-D335-4704-92AA-A15BB09AD3A5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{45892470-C855-4931-BCA8-68F7F1AC0E66}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Massive -> )
FirewallRules: [{56D7B120-BB0C-4375-BA6F-5E3382887FD6}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Massive -> )
FirewallRules: [{8CB7840B-A404-4A4C-870C-3E919F1DFE30}] => (Allow) D:\Programs\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{B0320090-890D-410B-8D98-1DEB366C11C6}] => (Allow) D:\Programs\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{16CA10C9-5EF9-480C-8E3F-FF62BA38C270}] => (Allow) D:\Programs\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{9BB119B3-17CC-4871-A062-F8B5D96C2A8A}] => (Allow) D:\Programs\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{D41DAE36-B9BD-4D0A-A231-7052BAF74399}] => (Allow) D:\Programs\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) [File not signed]
FirewallRules: [{5D981017-F913-4CE0-BE96-EAC4119A74D9}] => (Allow) D:\Programs\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) [File not signed]
FirewallRules: [{7E4C7482-E2F4-45F0-860C-8FB6A69BEF01}] => (Allow) D:\Hry\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{80675DA5-6747-4DC9-A230-E120A87092EA}] => (Allow) D:\Hry\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [TCP Query User{613931F9-AB35-4505-8503-0218CCFA6A10}D:\programs\kodi\kodi.exe] => (Allow) D:\programs\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [UDP Query User{8D6775C5-0FCC-46AE-B9C8-767E82EDB507}D:\programs\kodi\kodi.exe] => (Allow) D:\programs\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [{343F7CC2-648F-4DC2-A75D-34CD83889A33}] => (Allow) D:\Hry\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{79E3746C-42B3-4D21-985F-0B20E92087AE}] => (Allow) D:\Hry\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{B32CBA98-06F9-4AA2-998F-EAD19832C3C9}] => (Allow) D:\Hry\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{828CEF35-EB41-48DF-B39A-2640A8DC2D7A}] => (Allow) D:\Hry\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{62E1125E-D43F-499A-A24E-CFC403AED23B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{92734CD1-362A-4556-8A2F-71B6DF658F36}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B5E0FDBB-BA98-4FB0-AF19-A122380A78E6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{48E77034-F38A-49CB-9E1B-6617CEF15908}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0FB78E53-3236-4FE7-B052-93018E902658}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{32322E59-67DD-49A4-8F9E-65119EEAD7C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FBEEC5BA-5068-4BEB-BBD8-EF7F7297BD10}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7F085F96-7F2F-40AA-B559-2264BAA34F28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F621D5FF-7947-480D-8AFC-5766840DCA7A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{7E1737DC-0E4D-431A-B034-31E425975CBF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\105.0.1343.25\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

21-08-2022 08:29:21 Instalováno Smart Switch
31-08-2022 14:20:53 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: Multimediální video adaptér
Description: Multimediální video adaptér
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Multimediální adaptér
Description: Multimediální adaptér
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Multimediální adaptér
Description: Multimediální adaptér
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (09/04/2022 05:15:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_stisvc, verze: 10.0.19041.1806, časové razítko: 0x7dcad237
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000009b00000001
ID chybujícího procesu: 0x588
Čas spuštění chybující aplikace: 0x01d8c0713c18e4d0
Cesta k chybující aplikaci: C:\WINDOWS\system32\svchost.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 2fe1cb17-938f-4e37-b59e-a0386a7966ef
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/04/2022 11:36:10 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na DATA (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (08/31/2022 04:21:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro D:\Programs\Audacity\audacity.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest.

Error: (08/31/2022 03:34:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro D:\Programs\Audacity\audacity.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest.

Error: (08/28/2022 06:43:55 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na DATA (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (08/28/2022 06:36:46 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na DATA (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (08/28/2022 01:43:06 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na DATA (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (08/28/2022 01:26:19 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na DATA (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)


System errors:
=============
Error: (09/04/2022 05:16:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Načítání obrázků (WIA) byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/04/2022 05:16:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba PDF24 neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (09/04/2022 05:16:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby PDF24 bylo dosaženo časového limitu (45000 ms).

Error: (09/04/2022 01:55:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (09/04/2022 01:55:04 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\RSlos\AppData\Local\Temp\ehdrv.sys

Error: (09/04/2022 01:55:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (09/04/2022 01:55:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\RSlos\AppData\Local\Temp\ehdrv.sys

Error: (09/04/2022 01:55:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.


Windows Defender:
================
Date: 2022-09-04 17:17:08
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Hive.ZY
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:10760:74439979291537
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.373.1508.0, AS: 1.373.1508.0, NIS: 1.373.1508.0
Verze modulu: AM: 1.1.19500.2, NIS: 1.1.19500.2

Date: 2022-09-04 17:16:26
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Hive.ZY
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:8000:74439979291537
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.373.1508.0, AS: 1.373.1508.0, NIS: 1.373.1508.0
Verze modulu: AM: 1.1.19500.2, NIS: 1.1.19500.2

Date: 2022-09-04 16:17:57
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Hive.ZY
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:10004:74439979291537
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.373.1508.0, AS: 1.373.1508.0, NIS: 1.373.1508.0
Verze modulu: AM: 1.1.19500.2, NIS: 1.1.19500.2

Date: 2022-09-04 16:12:14
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Hive.ZY
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:6276:74439979291537
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.373.1508.0, AS: 1.373.1508.0, NIS: 1.373.1508.0
Verze modulu: AM: 1.1.19500.2, NIS: 1.1.19500.2

Date: 2022-09-04 15:57:14
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Hive.ZY
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:6276:74439979291537
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.373.1508.0, AS: 1.373.1508.0, NIS: 1.373.1508.0
Verze modulu: AM: 1.1.19500.2, NIS: 1.1.19500.2

CodeIntegrity:
===============
Date: 2022-09-04 16:41:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Award Software International, Inc. FH 06/24/2010
Motherboard: Gigabyte Technology Co., Ltd. P55-US3L
Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 42%
Total physical RAM: 8183.48 MB
Available physical RAM: 4724.63 MB
Total Virtual: 9463.48 MB
Available Virtual: 4604.96 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:231.93 GB) (Free:172.69 GB) (Model: Samsung SSD 860 EVO 250GB ATA Device) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:393.74 GB) (Model: ST1000DM003-1CH162 ATA Device) NTFS

\\?\Volume{bce5a315-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{bce5a315-0000-0000-0000-a01a3a000000}\ () (Fixed) (Total:0.47 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 856E1FCF)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: virus-Behavior:Win32/Hive.ZY

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just start it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it at C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

pasik68
Visitor
Posts: 68
Registered: 27 Jun 2013 15:21

Re: virus-Behavior:Win32/Hive.ZY

#3 Post by pasik68 »

AdwCleaner: I only see Scan; it doesn't offer a repair anywhere.

-------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-08-22.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-04-2022
# Duration: 00:00:07
# OS: Windows 10 Home
# Scanned: 32101
# Detected: 6


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.SamsungSmartSwitch File C:\Users\Public\Desktop\Smart Switch.lnk
Preinstalled.SamsungSmartSwitch File C:\Users\RSlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Smart Switch.lnk
Preinstalled.SamsungSmartSwitch Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG\SMART SWITCH PC
Preinstalled.SamsungSmartSwitch Folder C:\Users\RSlos\AppData\Roaming\SAMSUNG\SMART SWITCH PC
Preinstalled.SamsungSmartSwitch Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}
Preinstalled.SamsungSmartSwitch Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}


AdwCleaner_Debug.log - [7794 octets] - [04/09/2022 18:22:22]
Last edited by pasik68 on 04 Sep 2022 17:28, edited 1 time in total.

pasik68
Visitor
Posts: 68
Registered: 27 Jun 2013 15:21

Re: virus-Behavior:Win32/Hive.ZY

#4 Post by pasik68 »

022-09-04 16:23:18 : <INFO> [Button clicked] Dashboard menu item
2022-09-04 16:23:21 : <INFO> [Button clicked] Dashboard menu item
2022-09-04 16:23:21 : <INFO> [Button clicked] Dashboard menu item
2022-09-04 16:23:22 : <INFO> [Application] Closing AdwCleaner
2022-09-04 16:23:31 : <INFO> [Application] AdwCleaner 8 . 3 . 2 launched
2022-09-04 16:23:32 : <INFO> [MBInstaller] Checking Iris
2022-09-04 16:23:32 : <INFO> [IRIS] Making request
2022-09-04 16:23:32 : <INFO> [SslCert] Issued by ("DigiCert TLS RSA SHA256 2020 CA1")
2022-09-04 16:23:32 : <INFO> [SslCert] Issued to ("*.mwbsys.com")
2022-09-04 16:23:32 : <INFO> [SslCert] Locality Name ("Santa Clara")
2022-09-04 16:23:32 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2022-09-04 16:23:32 : <INFO> [SslCert] Certificate EffectiveDate: "út dub 26 00:00:00 2022 GMT"
2022-09-04 16:23:32 : <INFO> [SslCert] Certificate ExpirationDate: "et dub 27 23:59:59 2023 GMT"
2022-09-04 16:23:32 : <INFO> [SslCert] ALPN: None
2022-09-04 16:23:32 : <INFO> [SslCert] Cipher: "TLS_AES_128_GCM_SHA256"
2022-09-04 16:23:32 : <INFO> [SslCert] KXE: "any"
2022-09-04 16:23:32 : <INFO> [SslCert] Protocol: "TLSv1.3"
2022-09-04 16:23:32 : <INFO> [Telemetry] Sending hello
2022-09-04 16:23:32 : <INFO> [AdwUpgrade] Checking application updates
2022-09-04 16:23:32 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::ContentNotFoundError )
2022-09-04 16:23:32 : <INFO> [IRIS] Failed
2022-09-04 16:23:32 : <INFO> [SslCert] Issued by ("DigiCert TLS RSA SHA256 2020 CA1")
2022-09-04 16:23:32 : <INFO> [SslCert] Issued to ("*.mwbsys.com")
2022-09-04 16:23:32 : <INFO> [SslCert] Locality Name ("Santa Clara")
2022-09-04 16:23:32 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2022-09-04 16:23:32 : <INFO> [SslCert] Certificate EffectiveDate: "út dub 26 00:00:00 2022 GMT"
2022-09-04 16:23:32 : <INFO> [SslCert] Certificate ExpirationDate: "et dub 27 23:59:59 2023 GMT"
2022-09-04 16:23:32 : <INFO> [SslCert] ALPN: None
2022-09-04 16:23:32 : <INFO> [SslCert] Cipher: "TLS_AES_128_GCM_SHA256"
2022-09-04 16:23:32 : <INFO> [SslCert] KXE: "any"
2022-09-04 16:23:32 : <INFO> [SslCert] Protocol: "TLSv1.3"
2022-09-04 16:23:32 : <INFO> [Telemetry] Status code: QVariant(int, 200)
2022-09-04 16:23:39 : <INFO> [Application] Closing AdwCleaner
2022-09-04 16:24:31 : <INFO> [Application] AdwCleaner 8 . 3 . 2 launched
2022-09-04 16:24:31 : <INFO> [MBInstaller] Checking Iris
2022-09-04 16:24:31 : <INFO> [IRIS] Making request
2022-09-04 16:24:31 : <INFO> [SslCert] Issued by ("DigiCert TLS RSA SHA256 2020 CA1")
2022-09-04 16:24:31 : <INFO> [SslCert] Issued to ("*.mwbsys.com")
2022-09-04 16:24:31 : <INFO> [SslCert] Locality Name ("Santa Clara")
2022-09-04 16:24:31 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2022-09-04 16:24:31 : <INFO> [SslCert] Certificate EffectiveDate: "út dub 26 00:00:00 2022 GMT"
2022-09-04 16:24:31 : <INFO> [SslCert] Certificate ExpirationDate: "et dub 27 23:59:59 2023 GMT"
2022-09-04 16:24:31 : <INFO> [SslCert] ALPN: None
2022-09-04 16:24:31 : <INFO> [SslCert] Cipher: "TLS_AES_128_GCM_SHA256"
2022-09-04 16:24:31 : <INFO> [SslCert] KXE: "any"
2022-09-04 16:24:31 : <INFO> [SslCert] Protocol: "TLSv1.3"
2022-09-04 16:24:31 : <INFO> [AdwUpgrade] Checking application updates
2022-09-04 16:24:31 : <INFO> [Telemetry] Sending hello
2022-09-04 16:24:31 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::ContentNotFoundError )
2022-09-04 16:24:31 : <INFO> [IRIS] Failed
2022-09-04 16:24:31 : <INFO> [SslCert] Issued by ("DigiCert TLS RSA SHA256 2020 CA1")
2022-09-04 16:24:31 : <INFO> [SslCert] Issued to ("*.mwbsys.com")
2022-09-04 16:24:31 : <INFO> [SslCert] Locality Name ("Santa Clara")
2022-09-04 16:24:31 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2022-09-04 16:24:31 : <INFO> [SslCert] Certificate EffectiveDate: "út dub 26 00:00:00 2022 GMT"
2022-09-04 16:24:31 : <INFO> [SslCert] Certificate ExpirationDate: "et dub 27 23:59:59 2023 GMT"
2022-09-04 16:24:31 : <INFO> [SslCert] ALPN: None
2022-09-04 16:24:31 : <INFO> [SslCert] Cipher: "TLS_AES_128_GCM_SHA256"
2022-09-04 16:24:31 : <INFO> [SslCert] KXE: "any"
2022-09-04 16:24:31 : <INFO> [SslCert] Protocol: "TLSv1.3"
2022-09-04 16:24:31 : <INFO> [Telemetry] Status code: QVariant(int, 200)
2022-09-04 16:24:36 : <INFO> [Button clicked] Scan
2022-09-04 16:24:36 : <INFO> [Scan] Started
2022-09-04 16:24:36 : <INFO> [Database] Downloading database
2022-09-04 16:24:36 : <INFO> [Database] Checking integrity
2022-09-04 16:24:36 : <INFO> [Database] Found 2689 families
2022-09-04 16:24:36 : <INFO> [Database] Database v "2022-08-22.1"
2022-09-04 16:24:36 : <INFO> [Loading paths] Local paths loaded
2022-09-04 16:24:36 : <INFO> [Loading paths] Chrome paths loaded
2022-09-04 16:24:36 : <INFO> [Loading paths] Firefox paths loaded
2022-09-04 16:24:36 : <INFO> [Loading paths] User Keys loaded
2022-09-04 16:24:36 : <INFO> [Module initialized] "File"
2022-09-04 16:24:36 : <INFO> [Module initialized] "Folder"
2022-09-04 16:24:36 : <INFO> [Module initialized] "RegistryKey"
2022-09-04 16:24:36 : <INFO> [Module initialized] "RegistryValue"
2022-09-04 16:24:36 : <INFO> [Module initialized] "Winlogon"
2022-09-04 16:24:36 : <INFO> [Module initialized] "RegAppInit"
2022-09-04 16:24:36 : <INFO> [Module initialized] "RegClasses"
2022-09-04 16:24:36 : <INFO> [Module initialized] "DNS"
2022-09-04 16:24:36 : <INFO> [Module initialized] "RegGuid"
2022-09-04 16:24:36 : <INFO> [Module initialized] "RegSoftwar2022-09-04 16:24:36 : <INFO> [Module initialized] "RegIEElevationPolicy"
2022-09-04 16:24:36 : <INFO> [Module initialized] "HostsFile"
2022-09-04 16:24:36 : <INFO> [Module initialized] "TaskName"
2022-09-04 16:24:36 : <INFO> [Module initialized] "FirefoxExt"
2022-09-04 16:24:36 : <INFO> [Module initialized] "Service"
2022-09-04 16:24:36 : <INFO> [Module initialized] "WMI"
2022-09-04 16:24:36 : <INFO> [Module initialized] "RegFirewallPolicy"
2022-09-04 16:24:37 : <INFO> [Module initialized] "URL"
2022-09-04 16:24:37 : <INFO> [Scan] Exclusions loaded
2022-09-04 16:24:38 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2022-09-04 16:24:38 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2022-09-04 16:24:38 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\RSlos\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2022-09-04 16:24:38 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2022-09-04 16:24:43 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\RSlos\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2022-09-04 16:24:43 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2022-09-04 16:24:43 : <INFO> [Telemetry] Sending to Influx
2022-09-04 16:24:43 : <INFO> [SslCert] Issued by ("DigiCert TLS RSA SHA256 2020 CA1")
2022-09-04 16:24:43 : <INFO> [SslCert] Issued to ("*.mwbsys.com")
2022-09-04 16:24:43 : <INFO> [SslCert] Locality Name ("Santa Clara")
2022-09-04 16:24:43 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2022-09-04 16:24:43 : <INFO> [SslCert] Certificate EffectiveDate: "út dub 26 00:00:00 2022 GMT"
2022-09-04 16:24:43 : <INFO> [SslCert] Certificate ExpirationDate: "et dub 27 23:59:59 2023 GMT"
2022-09-04 16:24:43 : <INFO> [SslCert] ALPN: Yes
2022-09-04 16:24:43 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2022-09-04 16:24:43 : <INFO> [SslCert] KXE: "ECDH"
2022-09-04 16:24:43 : <INFO> [SslCert] Protocol: "TLSv1.2"
2022-09-04 16:24:43 : <INFO> [Telemetry] Status code: QVariant(int, 204)
2022-09-04 16:24:43 : <INFO> [Telemetry] Sending to DSE
2022-09-04 16:24:44 : <INFO> [SslCert] Issued by ("DigiCert TLS RSA SHA256 2020 CA1")
2022-09-04 16:24:44 : <INFO> [SslCert] Issued to ("*.mwbsys.com")
2022-09-04 16:24:44 : <INFO> [SslCert] Locality Name ("Santa Clara")
2022-09-04 16:24:44 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2022-09-04 16:24:44 : <INFO> [SslCert] Certificate EffectiveDate: "út dub 26 00:00:00 2022 GMT"
2022-09-04 16:24:44 : <INFO> [SslCert] Certificate ExpirationDate: "et dub 27 23:59:59 2023 GMT"
2022-09-04 16:24:44 : <INFO> [SslCert] ALPN: Yes
2022-09-04 16:24:44 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2022-09-04 16:24:44 : <INFO> [SslCert] KXE: "ECDH"
2022-09-04 16:24:44 : <INFO> [SslCert] Protocol: "TLSv1.2"
2022-09-04 16:24:44 : <INFO> [Telemetry] Status code: QVariant(int, 201)

Rudy
Site Admin
Posts: 118254
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: virus-Behavior:Win32/Hive.ZY

#5 Post by Rudy »

The Preinstalled items are fine (utilities from Samsung). Open Notepad and copy the following into it:
Start

CloseProcesses:
HKU\S-1-5-18\...\Run: [GarminExpress] => "C:\Program Files (x86)\Garmin\Express\express.exe" /minimized (No File)
Task: {15645B1A-1830-410D-915A-C8A70F083D44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-26] (Google LLC -> Google LLC)
Task: {4DF05A27-CB34-40CA-8109-B2CC59D55B0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-26] (Google LLC -> Google LLC)
Task: {711DE3C2-3819-44E9-89F1-FF9E4E1C3E97} - System32\Tasks\EOSv3 Scheduler onTime => D:\Programs\esetonlinescanner_csy.exe SCHED (No File)
Task: {0A65FB89-DBEB-4DA4-B2D3-9A256313DB68} - System32\Tasks\EOSv3 Scheduler onLogOn => D:\Programs\esetonlinescanner_csy.exe LOGON (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\RSlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

pasik68
Visitor
Posts: 68
Joined: 27 Jun 2013 15:21

Re: virus-Behavior:Win32/Hive.ZY

#6 Post by pasik68 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by RSlos (04-09-2022 19:05:09) Run:1
Running from C:\Users\RSlos\Desktop
Loaded Profiles: RSlos
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-18\...\Run: [GarminExpress] => "C:\Program Files (x86)\Garmin\Express\express.exe" /minimized (No File)
Task: {15645B1A-1830-410D-915A-C8A70F083D44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-26] (Google LLC -> Google LLC)
Task: {4DF05A27-CB34-40CA-8109-B2CC59D55B0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-26] (Google LLC -> Google LLC)
Task: {711DE3C2-3819-44E9-89F1-FF9E4E1C3E97} - System32\Tasks\EOSv3 Scheduler onTime => D:\Programs\esetonlinescanner_csy.exe SCHED (No File)
Task: {0A65FB89-DBEB-4DA4-B2D3-9A256313DB68} - System32\Tasks\EOSv3 Scheduler onLogOn => D:\Programs\esetonlinescanner_csy.exe LOGON (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\RSlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File

EmptyTemp:
End
*****************

Processes closed successfully.
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\GarminExpress" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15645B1A-1830-410D-915A-C8A70F083D44}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15645B1A-1830-410D-915A-C8A70F083D44}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4DF05A27-CB34-40CA-8109-B2CC59D55B0E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DF05A27-CB34-40CA-8109-B2CC59D55B0E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{711DE3C2-3819-44E9-89F1-FF9E4E1C3E97}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{711DE3C2-3819-44E9-89F1-FF9E4E1C3E97}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A65FB89-DBEB-4DA4-B2D3-9A256313DB68}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A65FB89-DBEB-4DA4-B2D3-9A256313DB68}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Users\RSlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1048576 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34207052 B
Java, Discord, Steam htmlcache => 0 B
Windows/system/drivers => 2895136 B
Edge => 9216 B
Chrome => 50175594 B
Firefox => 37309224 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7358 B
NetworkService => 19774 B
RSlos => 1488662 B

RecycleBin => 0 B
EmptyTemp: => 121.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:05:14 ====

Rudy
Site Admin
Posts: 118254
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: virus-Behavior:Win32/Hive.ZY

#7 Post by Rudy »

Deleted. Has anything changed?

pasik68
Visitor
Posts: 68
Joined: 27 Jun 2013 15:21

Re: virus-Behavior:Win32/Hive.ZY

#8 Post by pasik68 »

Unfortunately not. After restarting the computer, Defender reported the threat 4 times in a row right away.

Rudy
Site Admin
Posts: 118254
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: virus-Behavior:Win32/Hive.ZY

#9 Post by Rudy »

Let's also try cleaning the browsers. Run these utilities one after another:

1. Download Zoek.exe, https://www.edisk.cz/stahni/21334/zoek.rar_1.3MB.html/ and save it to the desktop

If you use Win Vista or W7, right-click Zoek and choose "Run As Administrator" ("Spustit jako správce")
Paste the script below into the window

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Then click Run Script
The PC will perform the repair, restart and give you a log; paste its contents here.

and

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Save it, preferably to the desktop
•After launch, the licence terms are displayed; press any key
•A backup is created, followed by a scan
•The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.

pasik68
Visitor
Posts: 68
Joined: 27 Jun 2013 15:21

Re: virus-Behavior:Win32/Hive.ZY

#10 Post by pasik68 »

Step 1 is done, and now I'll start on step 2.

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by RSlos on 05.09.2022 at 15:08:31,33.
Microsoft Windows 10 Home 10.0.19044 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\RSlos\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

05.09.2022 15:09:19 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\Pegasus Imaging deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\ssh deleted successfully
C:\Users\RSlos\AppData\Local\DBG deleted successfully
C:\Users\RSlos\AppData\Local\Ubisoft Game Launcher deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\DBG deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\RSlos\AppData\Roaming\Mozilla\Firefox\Profiles\6ilvrogm.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.seznam.cz/");
user_pref("browser.search.suggest.enabled", false);

Added to C:\Users\RSlos\AppData\Roaming\Mozilla\Firefox\Profiles\6ilvrogm.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\RSlos\AppData\Roaming\Mozilla\Firefox\Profiles\6ilvrogm.default

user.js not found
---- Lines Search removed from prefs.js ----
user_pref("browser.search.hiddenOneOffs", "Default Search Engine,DuckDuckGo,Heureka,Mapy.cz");
---- FireFox user.js and prefs.js backups ----

prefs__1521_.backup

==== Deleting Files \ Folders ======================

C:\Users\RSlos\AppData\Roaming\calibre deleted
C:\Users\RSlos\.android deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\RSlos\AppData\Local\Avast Software deleted
C:\Users\RSlos\AppData\Local\cache deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\CM29AC0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\CM2B978.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\CM2C3E.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-118661.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-118663.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-118675.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-118677.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-118688.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-11868a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-11868c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-11869e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186a0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186a2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186a4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186b6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186b8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186ba.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186cb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186cd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186cf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186e1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186e3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16d0a1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16d12f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16d3c1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16d431.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16d52d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16d704.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16db8a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dbab.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dbfb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dc1c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dc8c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dcad.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dcce.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dce0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dd20.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dd32.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dd53.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dd75.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dd96.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4de48.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4de89.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4de9a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4deac.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4deae.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4debf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4dec1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4ded3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4df04.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4df06.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4df18.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4df29.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4df3b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4df4c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4df4e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4df60.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4df72.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4dfa3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4dfa5.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e421.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e442.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e463.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e475.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e496.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e498.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e4b9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e4cb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e4ec.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e4ee.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e50f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e531.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e533.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e535.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e546.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e577.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e579.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e59a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e5ac.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102de6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102de8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102df9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102dfb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e0d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e0f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e11.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e22.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e24.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e26.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e38.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e3a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e4c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e4e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e50.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e61.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e63.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e65.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e77.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f548.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f569.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f56b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-377a38.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962a4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962b5.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962b7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962c9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962cb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962dc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962de.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962e0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962f2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962f4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962f6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-96308.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-9630a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-9630c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-9631d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-9631f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-96321.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-96333.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-96335.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a45cd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a466b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a468c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a47d7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a4817.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a4838.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a485a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a489a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a48bb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a48dd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a48ee.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a491f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a4931.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a4981.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a49b2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a4a02.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a4a13.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a4a35.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a4a56.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a811.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a823.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a825.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a827.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a829.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a82b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a83d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a83f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a841.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a843.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a854.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a856.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a858.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a85a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a85c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a86e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a870.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a872.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a874.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-9ff03.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-9ff34.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-9ff74.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-9ff95.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-9ff97.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-9ffb9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-9ffbb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-9ffdc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a001c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a007c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a009d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a009f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a00c1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a00c3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a00e4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a0105.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a0126.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a0148.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a0169.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0692.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a075f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a07bf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a088c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a090b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a096b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a09ea.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0a59.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0ab9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0aea.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0afb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0b1d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0b2e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0b5f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0bbf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0be0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0c21.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0c23.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0c34.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d09.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d1b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d2c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d3e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d50.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d61.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d73.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d85.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d87.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d98.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4daa.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4dbb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4ddd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4dee.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4e00.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4e12.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4e23.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4e35.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4e46.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2ed66.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2ed97.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2eda9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2edbb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2edcc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2eded.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2edff.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2ee11.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2ee32.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2ee44.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2ee55.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2ee67.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2ee78.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2ee8a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2eeab.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2eebd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2eecf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2eee0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2eef2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1a28.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1a78.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1a7a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1a7c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1a8e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1a90.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1aa1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1ab3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1ab5.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1ab7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1ac9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1ada.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1adc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1ade.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1af0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1b02.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1b04.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1b15.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1b17.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d181c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d182e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d1830.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d1841.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d1853.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d1865.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d1876.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d1888.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d189a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d189c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d18ad.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d18af.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d18b1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d18c3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d18d4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d18e6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d18e8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d18fa.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d18fc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e59a4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e59c5.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e59e6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5a08.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5a39.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5a4a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5a6b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5a7d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5a9e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5ab0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5ac2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5ad3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5ae5.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5af6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5af8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5b0a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5b0c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5b1e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5b2f.tmp deleted
C:\WINDOWS\Syswow64\is-CC0PJ.tmp deleted
C:\WINDOWS\Syswow64\is-R6O96.tmp deleted
"C:\Users\RSlos\AppData\Roaming\092f18fa66a34290833ca0571d38d84c" deleted
"C:\Users\RSlos\AppData\Roaming\092f18fa66a34290833ca0571d38d84cthumb" deleted
"C:\Users\RSlos\AppData\Roaming\12457690df4946ef9d1ea393f4650692" deleted
"C:\Users\RSlos\AppData\Roaming\12457690df4946ef9d1ea393f4650692thumb" deleted
"C:\Users\RSlos\AppData\Roaming\4aba0037ddf84da299c558c0448d9025" deleted
"C:\Users\RSlos\AppData\Roaming\4aba0037ddf84da299c558c0448d9025thumb" deleted
"C:\Users\RSlos\AppData\Roaming\4ca244a8f7024139961b569a1db65d76" deleted
"C:\Users\RSlos\AppData\Roaming\4ca244a8f7024139961b569a1db65d76thumb" deleted
"C:\Users\RSlos\AppData\Roaming\4f9aa4c78f5b41738e96d3d73c295f57" deleted
"C:\Users\RSlos\AppData\Roaming\4f9aa4c78f5b41738e96d3d73c295f57thumb" deleted
"C:\Users\RSlos\AppData\Roaming\5a5bbd54f96e47509a5705e57fee2bef" deleted
"C:\Users\RSlos\AppData\Roaming\5a5bbd54f96e47509a5705e57fee2befthumb" deleted
"C:\Users\RSlos\AppData\Roaming\5a6ea6b025d34db981719e1d6a0d9d98" deleted
"C:\Users\RSlos\AppData\Roaming\5a6ea6b025d34db981719e1d6a0d9d98thumb" deleted
"C:\Users\RSlos\AppData\Roaming\7636dfbdaa174a7dbd3d5a899fb8c4d7" deleted
"C:\Users\RSlos\AppData\Roaming\7636dfbdaa174a7dbd3d5a899fb8c4d7thumb" deleted
"C:\Users\RSlos\AppData\Roaming\8dccf285f9244e2e9ef348c87c2bbbbf" deleted
"C:\Users\RSlos\AppData\Roaming\8dccf285f9244e2e9ef348c87c2bbbbfthumb" deleted
"C:\Users\RSlos\AppData\Roaming\9853072704654e9ab465a72d369525b4" deleted
"C:\Users\RSlos\AppData\Roaming\9853072704654e9ab465a72d369525b4thumb" deleted
"C:\Users\RSlos\AppData\Roaming\9b8b96470bce43b0a067093729dfb51f" deleted
"C:\Users\RSlos\AppData\Roaming\9b8b96470bce43b0a067093729dfb51fthumb" deleted
"C:\Users\RSlos\AppData\Roaming\a6ba50dba2654a9dadd3e72bfedfc776" deleted
"C:\Users\RSlos\AppData\Roaming\a6ba50dba2654a9dadd3e72bfedfc776thumb" deleted
"C:\Users\RSlos\AppData\Roaming\b4d2d7289e5c4c93a509c012e6f12531" deleted
"C:\Users\RSlos\AppData\Roaming\b4d2d7289e5c4c93a509c012e6f12531thumb" deleted
"C:\Users\RSlos\AppData\Roaming\bdc578a1ed804f30b87363fdf82f35be" deleted
"C:\Users\RSlos\AppData\Roaming\bdc578a1ed804f30b87363fdf82f35bethumb" deleted
"C:\Users\RSlos\AppData\Roaming\bffdbc5f5bf342e1969c8174897ec69a" deleted
"C:\Users\RSlos\AppData\Roaming\bffdbc5f5bf342e1969c8174897ec69athumb" deleted
"C:\Users\RSlos\AppData\Roaming\c245e8da83814c75a344bc793c256247" deleted
"C:\Users\RSlos\AppData\Roaming\c245e8da83814c75a344bc793c256247thumb" deleted
"C:\Users\RSlos\AppData\Roaming\cca8ef1cf5e94abd86248f38f29ac825" deleted
"C:\Users\RSlos\AppData\Roaming\cca8ef1cf5e94abd86248f38f29ac825thumb" deleted
"C:\Users\RSlos\AppData\Roaming\e95f31fbf2dc4b06884486634a6421c9" deleted
"C:\Users\RSlos\AppData\Roaming\e95f31fbf2dc4b06884486634a6421c9thumb" deleted
"C:\Users\RSlos\AppData\Roaming\e9b56c0c6a3845f48498e6e624fc8857" deleted
"C:\Users\RSlos\AppData\Roaming\e9b56c0c6a3845f48498e6e624fc8857thumb" deleted
"C:\DumpStack.log.tmp" not deleted
"C:\Users\RSlos\AppData\Roaming\MPC-HC" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\RSlos\AppData\Roaming\Mozilla\Firefox\Profiles\6ilvrogm.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\RSlos\AppData\Roaming\Mozilla\Firefox\Profiles\6ilvrogm.default
- Undetermined - %ProfilePath%\extensions\translator@zoli.bod.xpi
- Undetermined - %ProfilePath%\extensions\{69F080C9-A1D8-42F8-BD83-3D54D4BC81B3}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\RSlos\AppData\Roaming\Mozilla\Firefox\Profiles\6ilvrogm.default
C08AC183933D8FFD9BB7AB1AFB948B67 - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll - PDF-XChange Editor
02393A25A2191135268AD56817EC6ACD - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll - PDF-XChange Editor


==== Chromium Look ======================



==== Chromium Startpages ======================

C:\Users\RSlos\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="https://www.bing.com/search?q={searchTe ... 02&pc=UE00"

==== Reset Google Chrome ======================

C:\Users\RSlos\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\RSlos\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\RSlos\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\RSlos\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\RSlos\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\RSlos\AppData\Local\Microsoft\Edge\User Data\Default\Web Data will be reset at reboot
C:\Users\RSlos\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\RSlos\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\RSlos\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\RSlos\AppData\Local\Mozilla\Firefox\Profiles\6ilvrogm.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\RSlos\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\RSlos\AppData\Local\Microsoft\Edge\User Data\Default\Cache will be emptied at reboot

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=103 folders=729 157879626 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\RSlos\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\DumpStack.log.tmp" not deleted
"C:\Users\RSlos\AppData\Local\Microsoft\Edge\User Data\Default\Web Data" not found

==== EOF on 05.09.2022 at 15:25:32,82 ======================

pasik68
Visitor
Posts: 68
Registered: 27 Jun 2013 15:21

Re: virus-Behavior:Win32/Hive.ZY

#11 Post by pasik68 »

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by RSlos (Administrator) on 05.09.2022 at 15:30:39,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.09.2022 at 15:32:36,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: virus-Behavior:Win32/Hive.ZY

#12 Post by Rudy »

OK. Has anything changed now?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

pasik68
Visitor
Posts: 68
Registered: 27 Jun 2013 15:21

Re: virus-Behavior:Win32/Hive.ZY

#13 Post by pasik68 »

It looks like it is fine now.
The Defender warning appeared only after the first start of the computer, and it has now been quiet for about 2.5 hours.

Is there anything else that needs cleaning up? Anything left over from the utilities used?

Thank you very much. And I will certainly make a contribution.

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: virus-Behavior:Win32/Hive.ZY

#14 Post by Rudy »

I think that is all.